>> But first I have a question related to the mailing list:
>> How is it possible that the dm-crypt mailing list web interface and admin
>> panel can't be accessed via a secure TLS or at least some broken old
>> SSL connection? As in: can somebody please fix this?
>
> You seem to be the first one that cares. As the admin
> functionality is accessible via email, do you actually
> have a credible attack model for this?
>

From a user perspective it's impossible to know if the admin actually uses this feature. Additionally, password reuse by the users could very well be abused by a passive listener in a privileged network position. Considering the content and target audience, password reuse may not be extremely common, but the kind of parties interested in people subscribing to such lists leads me to believe that at the very least passive listening has to be assumed.

Another imo valid reason would be the impression it makes on others. How can we as the security community credibly teach others and ask of them to use Let's Encrypt, encrypt their hard drives, protect their user data etc. and then hold ourselves to such low standards?

Please don't take this as an attack, I just wanted to point something out which appeared borderline ironic from an outsider perspective considering the community and the amount of work needed to fix it.

Kind regards
Curve

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt